Professional Documents
Culture Documents
Designing and Implementing A Secure Network Infrastructure
Designing and Implementing A Secure Network Infrastructure
Designing and Implementing A Secure Network Infrastructure
Internet
Corporate Network
Remote Authentication /
Access Syslog Servers
Customer Customer
Elements of a Security
Architecture
§ Authentication
§ Authorization
§ Data Integrity
§ Data Origin Authentication
§ Data Confidentiality
§ Network Availability
§ Audit
Questions To Ask
Ø Who can have access to what?
Ø How to provide authentication?
Is It An Embarrassment ?
§ Data confidentiality
The Security Policy Should
Include….
§ Mechanisms to verify and monitor security controls
– Accounting
– Management
– Intrusion detection
§ Policies and procedures for staff that is responsible for the corporate
network
– Secure backups
– Equipment certification
– Use of Portable Tools
– Audit Trails
– Incident Handling
§ http://www.ietf.org
§ http://www.sans.org
§ http://www.microsoft.com/technet/tree
view/default.asp?url=/technet/security/
default.asp
§ http://www.robertgraham.com/pubs/ne
twork-intrusion-detection.html
Security Policy Summary
§ Need to have a comprehensive document
for legal support
§ Crypto 101
§ Authentication Technologies
§ Application Layer Security
§ Transport Layer Security
§ Network Layer Security (IPsec)
§ Link Layer Security
Cryptography Is Used For ?
§ Authentication Protocols
§ Data Origin Authentication
§ Data Integrity
§ Data Confidentiality
Public Key Encryption
Uses public/private keys
–Keep private key private
–Anyone can see public key
Public
Private
1 Router B
2 4
Router A
Pri Pub
Encrypted
Clear ENCRYPT 3 DECRYPT Clear
DES DES
(Cleartext) (Cleartext)
(Ciphertext)
a,p
XA XB
a,p
XA XB
YA YB
§ Diffie-Hellman Algorithm
– Uses public-key cryptography to derive secret key
– Exchanges need to be authenticated
§ Hash Functions
– Easy to compute
– Typically used for data origin authentication and data integrity
§ Digital Signatures
– Combines hash functions with public key cryptography
Technology Fundamentals
§ Crypto 101
§ Authentication Technologies
§ Application Layer Security
§ Transport Layer Security
§ Network Layer Security (IPsec)
§ Link Layer Security
Methods of Authentication
WHO are you? What credentials do you give?
Weak
§ No username/password
§ Static username/password
§ Aging username/password
§ One-Time Password (OTP)
–S/Key —OTP for terminal login
–PAP—OTP for PPP
§ Token cards/soft tokens (OTP)
–Enigma Logic, DES Card, Security Dynamics
Strong
One Time Passwords
§ S/KEY
35 SAVE DUNK FRED SELF HURT
36 RAKE GET HIS BUNK OFF
37 DEAD RUN JACK HIDE LOAD
§ Token cards
–Use algorithm based on PIN
or time-of-day to generate passwords
–Server uses same algorithm
Initial S/Key Exchange
Initialized with
Initialized with password “letmein”
password “letmein”
PSTN
PSTN
1
“letmein” + 6 Network
Access Server
Hash
Function
98 times
Hash
Function
3
6-word output
( HARD BITE LOAD HURT SAVE DEAD )
Verifying The S/Key Password
Seq # Password
99 BOAT HIDE LOVE HOME HELP WHAT
Client
Network
Access Server S/Key
PSTN Server
Hash
Function
Client
PSTN
Network
Access Server
§ PAP
§ CHAP
§ MS-CHAP
§ MS-CHAPv2
§ EAP
PPP PAP Authentication
DATABASE
ID Password
Twiggy LetMeIn
Compare ID
2
“Twiggy” and password
Network
Branch Router Access Server
Authentication Request
1
(ID=Twiggy, Password=LetMeIn)
Authenticate-ACK
3
Challenge Response
3
(ID, challenge response # [hash], Loopy)
Success Message
5
PPP MS-CHAP /MS-CHAP2
§ RFC 1994 claims that CHAP secrets cannot
be stored in encrypted form
§ Microsoft has a variation of CHAP where the
secrets are stored encrypted by both the
peer and the authenticator
PPP EAP Authentication
§ Supports multiple authentication
mechanisms
§ Authentication mechanism selected in
authentication phase
§ Permits use of a ‘back-end’ server
§ NAS can become pass-through and doesn’t
need to be updated for new authentication
mechanism support
PPP EAP Authentication
Telecommuter
EAP server
NAS
EAP-Request (Type=Identity)
§ Kerberos
TACACS+ Transactions
§ Transactions between client and server are
authenticated through use of shared secret
§ Transactions are encrypted
Hash1 = (session ID, secret, version#, seq#) MD5
1 Hash2 = (hash1, session ID, version#, seq#) MD5
[repeated an implementation specific # of times)
2
Last hash concatenated and truncated to length of data
to be encrypted….this is called the pseudo-pad
Session ID
Length
Session ID: randomly chosen and does not change for the duration
Of the TACACS+ session
TACACS+ Server
User 1 NAS
(TACACS+ client)
4 3
5 6
7
1. User initiates PPP authentication to NAS
8
2. NAS sends START packet to TACACS+ server
3. TACACS+ server responds with GETUSER packets that
contain the prompts for username/password (PAP) or challenge (CHAP)
4. NAS sends the display to the user
5. User responds to NAS
6. NAS sends encrypted packet to TACACS+ server
7. TACACS+ server responds to NAS with authentication result
8. NAS and TACACS+ server exchange authorization requests and replies
9. NAS acts upon authorization exchange
RADIUS Transactions
§ Transactions between client and server are
authenticated using shared secret
§ Only user passwords are encrypted
between client and server
Request Authenticator
Attributes
Length: two octets and indicates length of the packet including the
Code, Identifier, Length, Authenticator and Attribute fields. The minimum
Length is 20 and the maximum is 4096 octets.
RADIUS Server
User 1 NAS
(RADIUS client)
2
3 4
5
1. User initiates PPP authentication to NAS
2. NAS prompts user for username/password (PAP) or challenge (CHAP)
3. User replies
4. NAS sends username and encrypted password to RADIUS server
5. RADIUS server responds with Accept, Reject or Challenge
6. NAS acts upon services and service parameters bundled with Accept or Reject
TACACS+ vs RADIUS
§ TACACS+: TCP port 49
§ RADIUS: UDP port 1812 (1645)
§ Only password is confidential in RADIUS
§ Feature support
§ Vendor support
Application
Server
Client Kclient Kserver
Authentication Response 3
KDC verifies client
2
[Ksession , Texp, random #, server name] encrypted with K client access rights
Authentication
Server
Authenticator
Supplicant
Authentication
Server
Authenticator
Supplicant 1
When supplicant physically connects the
switch port enables port only for EAPOL traffic
2
Initial EAP packet exchange using EAPOL
It is up to implementation to decide
whether to sign or encrypt first !!
Technology Fundamentals
§ Crypto 101
§ Authentication Technologies
§ Application Layer Security
§ Transport Layer Security
§ Network Layer Security (IPsec)
§ Link Layer Security
Transport Layer Security
(SSL/TLS)
Provides data encryption, server authentication, message
integrity, and optional client authentication for a TCP/IP
connection.
3 Main Properties:
§ The connection is private. Encryption is used after an initial
handshake to define a secret key. Symmetric cryptography is
used for data encryption (for example, DES and RC4).
DATA
HMAC-MD5
Padding
Padding Length
The SSL Handshake Process
Internet
§ Confidentiality….many algorithms to
choose from
§ Data integrity and source authentication
– Data “signed” by sender and “signature”
verified by the recipient
– Modification of data can be detected by
signature “verification”
– Because “signature” based on a shared
secret, it gives source authentication
What Does IPsec Provide?
§ Anti-replay protection
– Optional : the sender must provide it but the recipient may ignore
§ Key Management
– IKE – session negotiation and establishment
– Sessions are rekeyed or deleted automatically
– Secret keys are securely established and authenticated
– Remote peer is authenticated through varying options
What is an SA?
§ Security Association groups elements of a
conversation together
– AH authentication algorithm and keys
– ESP encryption algorithm and key(s)
– Cryptographic syncronization
– SA lifetime
– SA source address
– Mode (transport or tunnel)
A Security Association Maps:
§ From a host or gateway
– To a particular IP destination address
– With a particular security protocol (AH/ESP)
– Using SPI selected by remote host or gateway
§ To a host or gateway
– To (one of) our IP address(es)
– With a particular security protocol (ESP/AH)
– Using SPI selected by us
A SPI Represents an SA
§ The SPI is a 32-bit number
§ The SPI is combined with the protocol
(AH/ESP) and destination IP address to
uniquely identify an SA
§ An SA is unidirectional
Sequence Number
Authentication Data
[ Integrity Value Check (ICV) ]
SPI: arbitrary 32-bit number that specifies to the receiving device which security
association is being used (security protocols, algorithms, keys, times, addresses, etc)
Sequence Number: start at 1 and must never repeat. It is always set but receiver
may choose to ignore this field
Authentication Data: ICV is a digital signature ov er the packet and it varies in length
depending on the algorithm used (SHA-1, MD5)
Encapsulating Security Payload
(ESP)
§ Must encrypt and/or authenticate in each
packet
§ Encryption occurs before authentication
§ Authentication is applied to data in the IPsec
header as well as the data contained as
payload
ESP Header Format
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Security Parameter Index (SPI)
Sequence Number
Authentication Header
• ToS
• TTL
• Header Checksum
• Offset
• Flags
Packet Format Alteration for ESP
Transport Mode
Encrypted
Authenticated
Packet Format Alteration for AH
Tunnel Mode
Authentication Header
• ToS
• TTL
• Header Checksum
• Offset
• Flags
Packet Format Alteration for ESP
Tunnel Mode
Encrypted
Authenticated
Internet Key Exchange (IKE)
§ Phase I
– Establish a secure channel (ISAKMP/IKE SA)
– Using either main mode or aggressive mode
§ Phase II
– Establishes a secure channel between
computers intended for the transmission of data
(IPsec SA)
– Using quick mode
Overview of IKE
IKE Phase 2
3
IPsec Tunnel
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Initiator Cookie
Responder Cookie
Major Minor
Next Payload Version Version Exchange Type Flags
Message ID
ISAKMP HEADER
Payload
Payload
Next Payload: 1byte; identifier for next payload in message. If it is the last payload
It will be set to 0
Payload Length: 2 bytes; length of payload (in bytes) including the header
Internet
192.168.1.15
Corporate
Network
Branch Network
Remote NAT/PAT
Router Router
Transport Mode
Original
IP Header TCP/UDP Data
After applying
ESP/UDP: Original UDP ESP ESP ESP
IP Header Header Header TCP/UDP Data Trailer Authentication
Encrypted
Authenticated
UDP Encapsulation of Tunnel
Mode ESP Packets
Tunnel Mode
Original
IP Header TCP/UDP Data
Encrypted
Authenticated
Technology Fundamentals
§ Crypto 101
§ Authentication Technologies
§ Application Layer Security
§ Transport Layer Security
§ Network Layer Security (IPsec)
§ Link Layer Security
Dial-Up VPNs
§ Treat remote dial access as virtual (Point-to-
point) links
– Primary goal of L2 VPNs is tunneling, not
security
– Traditional dial-up user authentication (PAP,
CHAP, MS-CHAP, EAP)
– In some cases, data confidentiality
Layer 2 Tunneling Protocol
§ Designed in IETF PPP Extensions working group
– Combination of Cisco L2F & PPTP features,
L2TP RFC 2661, Aug 99
– L2TP Extensions working group established
§ Uses UDP for control and data packets, well
known port is 1701
§ Uses PPP for packet encapsulation – carries most
protocols (also non-IP protocols)
§ IP UDP packet security provided by IPsec
transport mode, as in RFC 2401, 2409, etc
L2TP Features
§ Control session authentication, keep-alives
§ EAP…broader authentication mechanisms
§ Tunnel over any switched virtual connection (IP,
FR, ATM)….runs over any transport
§ Integration with mobile IP
§ IPsec ESP for confidentiality and integrity (else
packets in the ‘clear ’)
§ IKE for key management
L2TP and IPsec
Multiple Encapsulations
…..careful of packet size!!
IPsec DES or 3DES encrypted
TCP
IP IPSEC UDP L2TP PPP IP UDP
Application Data IPSEC
§ Unauthorized Access
– Eavesdropping/Port scanning/War dialing
§ Impersonation
– Spoofing attacks/Replay attacks
§ Data Manipulation
§ Denial of Service (DoS) / DDoS
§ Viruses
§ Email SPAM
Intruder
Web Servers
3
Port scan to see which
services are available
for exploitation
Target Host
War Dialing
Large Interesting
Corporation
Insecure corporate
5 modem bank allows
4 Intruder attempts to unauthorized access
connect to devices that
answered via deceptive route
Intruder
UNIVERSITY
3 Answered numbers
are accessible via database
DoS and DDoS Attacks
– TCP SYN
– TCP ACK
– UDP, ICMP, TCP floods
– Fragmented Packets
– IGMP flood
– Spoofed and un -spoofed
TCP Packet Format
0 4 8 16 31
Sequence Number
Acknowledgment Number
U A P R S F
Offset Reserved R C S S Y I Window Size
G K H T N N
DATA................
Basics of a DDoS Attack
DDoS client
DDoS
agents
Victim
raffic
DoST
D
Automated DDoS Attack
Vulnerable hosts
1 Initiate scan 2 are compromised
Attacker 4
Further scanning
for compromises 4 4
5
5
5
Massive DDoS
attack launched
Victim Network
DDoS Vulnerabilities
§ Distributed and/or coordinated attacks
– Increasing rate and sophistication
§ Infrastructure protection
– Coordinated attack against infrastructure
– Attacks against multiple infrastructure components
Secure
Workstation Engineering Server
with Modem
Engineering LAN
Corporate Network
How Do You Secure Infrastructure ?
line con 0
!
line vty 0 4
exec-timeout 0 0
login local
transport input telnet
Banner….what’s wrong?
banner login ^C
Martini
144.254.101.0
144.254.102.0
Campus
Venice
SantaCruz SanJose
Campus
Sending Receiving
Router Router
3
Routing Update
Routing Update
Router A
Hash
Function
Hash
MD-5 Neighbor Authentication:
Receiving Router
Router B
Routing Update
0 4 8 16 31
Source IP Address
Destination IP Address
DATA................
TCP Header Format
0 4 8 16 31
Sequence Number
Acknowledgment Number
DATA................
UDP Header Format
0 16 31
Length Checksum
Data............
Filtering Recommendations
§ Log filter port messages properly
§ Allow only internal addresses to enter the
router from the internal interface
§ Block packets from outside (untrusted) that
are obviously fake or commonly used for
attacks
§ Block packets that claim to have a source
address of any internal (trusted) network.
Filtering Recommendations
§ Block incoming loopback packets and RFC 1918 networks
– 127.0.0.0
– 10.0.0.0 – 10.255.255.255
– 172.16.0.0 – 172.31.0.0
– 192.168.0.0 – 192.168.255.255
§ Block multicast packets (if NOT using multicast)
§ Block broadcast packets (careful of DHCP and BOOTP
users)
§ Block incoming packets that claim to have same
destination and source address
Filtering Issues
§ Ordering
– What sequence is packet inspected in?
§ Performance
– Are there any limitations?
§ Logging
– Get appropriate information
– Timestamps
How Do You Secure Infrastructure?
Corporate
4 3
5
Network
6
VPN
Concentrator
SSL or IPsec ?
Intranet VPN
Branch Network Corporate Network
2
1
BSG CSG
3
User 4
5
6 File servers
How Do You Secure Infrastructure ?
1 2 12
1 2 12
Intrusion
Intrusion
Detection
Detection
Host A Host A Host B System
Host B System
Traffic from host A to host B gets sent to all hub Traffic from host A to host B gets sent only to
ports so the IDS can effectively monitor the the port which connects host B and the IDS does
traffic. not see any traffic.
Using NIDS with Cable Taps
1 2 ....... 12
Tap Panel
Tap Tap
Intrusion
Host A Detection
Host B
System
Collecting Incident Data
Traditional Forensics Infrastructure Forensics
§ Immediately shutdown § Live system data is the
the system (or pull the most valuable.
power cord) § Immediate shutdown
destroys all of this data.
§ Make a forensic
duplicate § Persistent (flash) data
will likely be unchanged
§ Perform analysis on the and useless.
duplicate § Investigators must
§ Live system data is recover live data for
rarely recovered. analysis
Bare Minimum Device Security
§ Authenticate and keep track of who has
accessed infrastructure devices
§ Configure access remotely only through ssh
or trusted hosts (know what data is sent in
the clear)
§ Disable access that is not used
§ Accurate timestamps for all logging
§ Keep keys confidential
Not To Be Forgotten
§ DNS Servers
– Lame delegations are evil
– Recursive DNS can lead to cache poisoning
(UDP – trivial to determine seq# and create invalid entry)
Block traffic to destination port 53 only and allow traffic to source port
53 that already has an established connection
§ Email Servers
Spam attacks and deterrents:
http://spam.abuse.net/
http://www.cauce.org/
Agenda
§ Session I (1:30 – 3:00)
Security Technology Details
§ Session II (3:30 – 5:00)
Secure Infrastructure Architectures
§ Session III (7:30 – 9:00)
Sample Configuration Scenarios
What Do I Configure
§ Device Security
§ Filtering
§ Routing Security
§ IPsec
§ DoS/DDoS Mitigation
§ Incident Response
Generic Device Security Checklist
§ Console access
§ Logical access
Ø telnet vs ssh
Ø http
Ø snmp
§ Logging
§ Encrypting Passwords
Device Security Checklist (Layer 3)
§ Blackhole Filtering
§ Routing Authentication
§ ICMP Filters
§ Other filtering templates
Device Security Checklist (Layer 2)
§ MAC Filters
§ Port Authentication – 802.1x
What Do I Configure
§ Device Security
§ Filtering
§ Routing Security
§ IPsec
§ DoS/DDoS Mitigation
§ Incident Response
Making IPsec Configuration
Understandable
§ Vendors have made it hard since no
collaboration for defaults (even within same
company)
§ YOU need to define appropriate options
Pretty Good IPsec Policy
§ IKE Phase 1 (aka ISAKMP)
– 3DES
– Lifetime (how many seconds in 1 day?)
– SHA-1
– DH Group 2 (MODP)
§ IKE Phase 2 (aka IPsec)
– 3DES
– Lifetime (how many seconds in 1 hour?)
– SHA-1
– PFS
– DH Group 2 (MODP)
PFS- what is it?
§ Perfect Forward Secrecy
§ Doing new DH exchange to derive keying
material
Branch Office B
192.150.42.0
144.254.0.0 (255.255.255.224)
(255.255.255.0)
Corporate Campus
Ingress filter from Internet
Egress filter to Internet
Ingress filter from Branch B
Egress filter to Branch B
Ingress filter from Internet
Egress filter to Internet
interface BRI0
description To Corporate Network
ip access-group 133 in
ip access-group 144 out
NAS Router Policy
Ingress filtering:
Egress filtering:
•deny all rfc 1918 and special use addresses from propagating
to branch networks
•deny all traffic with an IP source address that matches the branch
network address allocation
Egress filtering:
Multiple policies can be configured and the priority number, which ranges
from 1 to 10,000, denotes the order of preference that a given policy will be
negotiated with an ISAKMP peer. The lower value has the higher priority.
Once in the ISAKMP configuration mode, the following parameters can be
specified are:
Encryption Algorithm
Hash Algorithm
Authentication Method
Group Lifetime
Configuring IPsec
STEP 2 Set the ISAKMP Identity
The ISAKMP identity specifies how the IKE Phase 1 peer is identified,
which can be either by IP address or host name.
The command to use is:
The AH and ESP parameters are configured with the following commands:
This step sets up a crypto map which specifies all the necessary
parameters to negotiate the IPsec SA policy. The following commands are required:
Using this command, the identifying interface will be used as the local address
for IPsec traffic originating from or destined to those
interfaces sharing the same crypto map. A loopback interface should
be used as the identifying interface.
Additional IPsec Considerations